CVE-2023-5931
Severity: HIGH
WAF: Medium
CVSS 8.8
Published: 2023-12-26
CWE-434
The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files, such as PHP files, to the server.
WAF Coverage Analysis
Unrestricted File Upload
Medium WAF Coverage
OWASP: A04:2021 Insecure Design
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| rtcamp | rtmedia | up to 4.6.16 |
References
- wpscan.com (Exploit, Third Party Advisory)